October 30, 2013 FCW.COM
19
ing partnerships with high schools,
colleges and universities to groom
tomorrow s cybersecurity workforce,"
said Evan Lesser, managing director
of ClearanceJobs.com. "The govern-
ment is woefully underprepared with
its cybersecurity workforce. The fact
is, government and contractor com-
puter networks are under attack
24/7/365. Additionally, with the elds
of cybersecurity, cyber response and
cyberattacks changing rapidly, any
workforce the government does have
must be regularly trained so their skills
are updated."
Building the workforce of
today --- and tomorrow
One of the most critical reasons for
gaps in the ranks is the lack of clearly
de ned roles. "Cybersecurity" covers a
wide range of job functions, from ana-
lysts to hardware technicians.
"One of the rst things at the high
level is actually de ning what it is you
want this person to do because it s not
as broad as it s sometimes made out
to be when you just say cybersecurity
career eld, " said Howard Schmidt,
formerly White House cybersecu-
rity coordinator and now executive
director of SAFECode and a partner
at Ridge-Schmidt Cyber. "Part of that
is requirements management: What
exactly do you need to serve your mis-
sion, and also [what are] the skill sets
to make sure your business processes
can be implemented?"
Government agencies are mak-
ing progress in that regard. In a joint
effort, the White House s Of ce of Sci-
ence and Technology Policy, the Chief
Human Capital Of cers Council, the
CIO Council and the Of ce of Person-
nel Management are creating a data-
base of statistical information related
to existing and future cybersecurity
positions. It is due by the end of s-
cal 2014.
"The new databank will enable agen-
cies to identify and address their needs
for cybersecurity skill sets to meet
their missions," a July 8 OPM memo
states. "This particular work function
has extensively changed over the last
decade, and these revisions provide
consistency and a common language
in describing the skill sets needed to
perform the work successfully."
Still, even after those missions and
requirements are defined, agencies
will likely face an uphill battle when it
comes to attracting talent. Top of cials
freely admit that the government can-
not compete with private-sector pay
at either the entry level or the top end
of the scale. And one of the primary
advantages of federal employment ---
the relative security of government
jobs --- has been called into question
by pay freezes, budget cuts, and the
inability of Congress and the president
to agree on scal 2014 funding. The
uncertainty could steer some potential
stars away from a career in the public
sector.
"Our students have always been will-
ing to make the trade-off in terms of
starting salary, but it s dif cult to take
an additional risk of [not] knowing if
you re going to be paid at all," said Don
Kettl, dean of the University of Mary-
land s School of Public Policy.
But many experts say salary is not
the chief motivator for the next-gener-
ation cybersecurity workforce.
According to a recent survey by
SemperSecure, a public/private cyber-
security initiative by the state of Vir-
ginia, just one in four of today s cyber-
security professionals cite salary and
bene ts as a top interest. More than
half said they seek interesting, chal-
lenging work, and 44 percent want
"important and meaningful work."
Numerous sources agreed that
appealing to a prospective employee s
sense of duty and patriotism is the key
to federal recruiting.
"It s not just compensation, but
also a sense of contribution and own-
ership," Schmidt said. "The government
has no endless supply of incentives,
but...people enjoy doing something
where they have a sense of ownership."
Lesser agreed, adding that agencies
should also highlight the bene ts of
government employment and play to
candidates love of technology --- an
interest cited by 39 percent of respon-
Dissension in
the ranks?
Former White House Cybersecu-
rity Coordinator Howard Schmidt
said Congress inability to pass
legislation that would better
de ne agencies cybersecurity
roles should not be a serious
problem, despite a tug of war over
who is in charge.
"I think the [cybersecurity] exec-
utive order has clari ed some of
those leadership issues," Schmidt
said. It is generally agreed that the
Department of Homeland Security
supports the private sector when
it comes to critical infrastructure;
the Defense Department and the
National Security Agency work
with the defense industrial base
and defense entities, including
some parts of the intelligence
community; and the FBI handles
law enforcement and
counterintelligence.
In terms of legislation, the House
has passed a bill aimed at lowering
the barriers for sharing information
between the private sector and the
government, but a broader Senate
bill has gone nowhere.
Schmidt said he believes agen-
cies can get along ne without
Congress delineating their cyberse-
curity responsibilities.
"By all accounts, there s a con-
sensus that the role in domestic
things is clear: If somebody hacks
into a power company [and] dis-
rupts the electrical ow, the FBI
would take the lead on the criminal
aspect of that unless it s a nation-
state...and then the rules are differ-
ent," he said. "We see more debate
than is necessary on this. Let s
solve the problem of who gets to
worry about their side of the ledger
because it s pretty clear."
--- Amber Corrin